PHP: Delete or expire a browser cookie

Contributed by qmchenry  
Tagged: PHP programming  

• Tweet

Browse to next tech-recipes article

Cookies may be created with an expiration time. It may become necessary to expire a cookie before the expiration time such as when a user logs out of a cookie-based authentication web application. This recipe describes expiring a cookie.

Expiring a cookie uses the same command as creating a cookie. The cookie value is left blank and the expiration time needs to be in the past. To expire the cookie ‘user’ use:

setcookie('user','',1);


The second parameter is the cookie value and is set to blank with the double quotes. The third parameter is the expiration time. A value of zero here indicates that the cookie is to remain valid until the browser is closed. A positive value indicates the time at which the cookie is to expire. Many sources indicate using something like

setcookie('user','',time()-3600)


which sets the expiration time 3600 seconds (1 hour) in the past. The trick is that this references the time on the server while the cookie expiration is dependent on the time of the host running the browser. If there is a mismatch of time between the two hosts, it is possible that it a cookie may not expire. However, using a time of ‘1′ indicates an expiration time of 1 second after midnight, January 1st, 1970 which is the earliest possible expiration time.

You may also like -

PHP: Set or create a simple browser cookie with setcookieGoogle Chrome: How to Delete Individual CookiesIE: Block, Clear or Delete Cookies in Internet ExplorerPHP: Read a browser cookie valueOpera 9: Delete Cookies on ExitCannot modify header information - headers already sentFirefox: How do I Block Cookies of a Specific Website?Symfony: Delete an Application

 

16 Comments -

1. Román said on September 23, 2009

   Nice trick!

2. Anonymous said on September 27, 2009

   Good Idea. This is a smart way to delete cookies.
   Thanks

3. Artem Egorov said on December 6, 2009

   Good article for php beginer )

4. LaNN said on March 16, 2010

   You notice that the time different between server and client will make the cookie deletion unsuccessful. Don’t assume time between server and client cannot be different more than 1 hour. If I browse your site in different time zone, the cookie possibly not to be deleted. Thus we need to set the time more than 24hours in the past.
   Easier to write setcookie(‘user’,”,1)
   But recommended to write setcookie(‘user’,”,time()-60*60*24*2) // 2days past.

5. richhessler said on April 16, 2010

   Thanks for the tip!

6. Arpit said on June 23, 2010

   i have been using this trick and it is good but its not working for my site.
   can it be a problem with my host?

7. Webmaster Trainman2k said on December 21, 2010

   To delete a cookie by resetting it has severe and drastic limits.
   I have found that when using PHP, after the header has had any output, you cannot ‘reset’ a cookie that way to make it expire.

   In my opinion, a better way, (from a PHP programers’ view), is to use:
   unset($_COOKIE['the_cookie_name']);

   From my experience, doing it this way, you can delete a cookie anywhere within the PHP code without a problem and not restricted to when or where you delete it..

8. developer in php said on December 30, 2010

   now i can easily delete cookies..
   Thank you…!

9. middlewhere said on January 4, 2011

   Only the following worked for me:

   unset($_COOKIE['the_cookie_name']);

   Thanks Webmaster Trainman2k

10. Erick S. said on January 6, 2011

    Somehow it seems you always need to know the ‘name of a cookie’…But if you don’t know this?

    I am busy with protecting pages from a Wordpress website. Protecting works fine…but now I want provide a ‘log out’ button somewhere…but whatever I do…people stay logged in.

    I want them to click on the ‘log out’ button and then end up on the startpage of the website…on which are 2 options: enter website – member login

    All Javascript and PHP trickery I have tried always need the name of the Cookie.

    And when I get the name of the Cookie (with the webdevelopers toolbar in Firefox) and put this in the right position…it never works,

    Help is needed…sigh…

11. Jarrod Christman said on January 11, 2011

    Don’t use unset($_COOKIE['variablename']). That will only unset the variable from the $_COOKIE superglobal array, it will not expire (delete) the cookie itself.

12. Anonymous said on January 26, 2011

    no don’t use unset() use setcookie()
    the main unsuccessfull delete or expire cookie is because you made a cookie in dive folder inside host and you can’t delete in diferent folder outside you made and cookie path is set value already.

    for better security and successfully use :
    setcookie(“cookiename”,”",mktime(12,0,0,1, 1, 1990), “/”);

13. boopathi said on February 1, 2011

    Hi Experts,

    just i want to know about how to create cookies using CORE PHP

    Advance Thanks

    Regards
    Mr . Dhenu

14. sandip kalbhile said on February 18, 2011

    nice this is smart programming

15. Kirill said on May 17, 2011

     Recommended by who? Here is a simple explanation why 1 is better than any of these mathematical calculations inside of setcookie command.

16. Vkijust4u said on July 26, 2011

    Thanks dude…u owe me…..

RSS feed for comments on this post. TrackBack URL

Leave a comment -